Some uncomfortable truths about AI coding agents

> The role change has been described by some as becoming a sort of software engineering manager, where one writes little or no code oneself but instead supervises a team of AI coding agents as if they are a team of human junior software engineers....

> In reality, though, the code review load for software engineers will gradually increase as fewer and fewer of them are expected to supervise an ever-growing number of coding agents, and they will inevitably learn to become complacent over time, out of pure necessity for their sanity. I’m a proponent of code review...but even I often consider it a slog to do my due diligence for a large code review (just because I think it’s important doesn’t mean I think it’s fun). If it’s your full-time job to review a swarm of agents’ work, and experience tells you they are good enough 95%+ of the time, you’re not going to pay as much attention as you should and bad changes will get through.

Another way to look at this is that AI coding agents take the fun out of a software engineer's job. The machine takes many of the fun parts and leaves the human with more of the unenjoyable parts.

Under our new ways of working, you are required to be excited an curious about this evolution three times per day.

The prompt injection section is the strongest point here and honestly underappreciated in most AI discourse. I work on a product that processes untrusted user-supplied content through an LLM pipeline, and the defensive engineering required is nontrivial. You essentially need a sanitization layer that strips anything resembling instructions from data before it enters the context window — conceptually similar to parameterized queries for SQL injection, except we don't have a clean equivalent yet. Every mitigation is heuristic-based and feels brittle.

The copyright angle is also genuinely interesting. Most real codebases will end up as a mix of human and AI-generated code, and the legal boundaries for that scenario are completely uncharted. The Berne Convention point is a good one — amending international IP frameworks moves at glacial speed, so companies are going to be operating in legal uncertainty for a long time regardless of what individual jurisdictions decide.

i was kinda hoping for TFA to finally produce some research outputs or even statistics, but sadly the `uncomfortable truths` are your usual vague talking points.

These opinions about what is going on w/ LLM development always stop short at first order effects and fail to account for second/third order effects.

> Skill atrophy

If LLMs are so good that you no longer have use for the skill, why do we care about skill atrophy? That skill isn't that useful to most people. There are so many examples of this in human history where it was completely fine and we went on to do higher order things that were more useful.

> Even if they set out fully intending to provide the highest level of scrutiny to all generated code, they will gradually lose the ability to tell a good change from a bad one

If this (first order effect) is actually a problem then it follows that we will naturally exercise our skill of detecting good change from bad ones (second order effect) and the skill will not atrophy? (third order effect). Seems like your "problem" is self correcting?

> At its core, the only defense I’ve got for that response is… this time feels different? Not a particularly rigorous defense, I admit, but I did warn you that this was the squishiest of the issues at hand.

Well, if you knew this perhaps it was better just not to lead with it and spend so many paragraphs on it.

> Some might argue that, even if that time comes eventually, that’s no reason not to make use of the tools that are available right now. But it should come as no surprise that I disagree. Better not to become overly dependent on AI coding agents in the first place so you’ll be better situated to weather the storm (and maybe even thrive) when it comes.

Well this argument didn't turn out to be any less squishy than the first one. It's a self correcting "problem" but you disagree and we should do X because you said so. What was the point of all of this then?

> Prompt Injection I also think this will likely always be a problem but you can pretty much point at ANY tool we use in software development. Your viewpoint would be similar to saying we should stop using libraries because there's always going to be a vulnerability when you distribute code that somewhere in the chain a bad actor can inject malicious code. So far, still squishy.

> Copyright/licensing > I’m not a lawyer! I’m a legal layperson offering my unqualified assessment of some tricky legal questions. Let’s get to it.

Sigh, this entire post is slop isn't it? Bad look for whatever "standup for me is".

edit: Standup for me is something that is made entirely irrelevant by LLMs, no surprise. The irony is rich.